Penetration Tester (Barclays)

05 November England - Greater London, London Perm

Penetration Tester (Barclays, Canary Wharf) AVP

Overall purpose of role:
Global Information Security (GIS) are looking for a motivated, technically minded individual to join our application security and penetration testing team.
As an application security and penetration testing specialist you will be expected to:
* Contribute both on an individual assessment basis as well as a global strategic basis to raise the security posture across the organisation
* Identify application security vulnerabilities in a range of technologies including web and mobile through a combination of security assessment techniques: manual penetration testing, code-review, SAST, DAST, IAST etc
* Work collaboratively with development teams to proactively build security within their software delivery pipeline
* Develop security standards and guidelines for applications and systems developed at Barclays
* Disseminate specialist application security knowledge to both the security and development communities
* Innovate towards the goal of establishing novel security services and the enhancement of existing services
* Work within virtual teams of security and technical specialists to ensure quality delivery of leading solutions to our internal clients.
* Provide reports which highlight and clearly articulate vulnerabilities and weaknesses to clients in terms they understand.

Key Accountabilities and Skills required:
Security Assessment
* Support security assessment coverage across Barclays
* Work with global team and external entities to deliver Security services
* Analyse and review security issues identified
* Supplement automated assessment techniques with manual security assessment approaches
* Communicate security issues identified and mitigation/remediation options to development community
* Generation of reports and follow up on issues until closure
* Develop and deploy tools, techniques and capabilities to enhance ability to deploy, scan and assess the global estate
* Develop automation scripts to enhance and automate the process

Knowledge Sharing
* Produce and develop training material for the internal community to disseminate specialist expertise

Research and Development
* Research new and emerging threats, counter controls and technologies affecting various platforms
* Innovate in collaboration with security focused development teams

Your Skills and Qualifications will include

Critical Requirements
* Have superior time management and organizational skills to undertake multiple critical supportive and advisory tasks concurrently
* Maintain a wide breadth of penetration testing and software security skills to a significant degree of depth
* Have a superior ability to articulate technical concepts to non-technical business owners and management
* Understand the business context/significance of application security controls and penetration testing findings
* Possess an entrepreneurial attitude to excel in loosely defined scenarios

Technical Knowledge
* Strong web application testing/penetration testing/code-review experience
* Thorough knowledge of application security assessment techniques and their relative merits, including: SAST, DAST, IAST and manual assessment
* Understanding of Application security issues, coding standards, and an ability to articulate them to developers and project managers
* Understanding of the security mechanisms associated with Applications, operating systems, networks and databases
* Awareness of emerging Application Security technologies
* Knowledge of programming languages such as: Java(J2EE/Android), C#.NET, C/++/JNI, Objective C
* Experience working with web and mobile development projects as a developer or security subject matter expert
* Wider SDL activities such as threat modelling and design review
* Familiarity with web application multi-tier architectures and operation
* Working knowledge of cryptographic concepts and familiarity with best practice application within a development environment
* Demonstrated ability to solve complex technical problems
* Able to explain security functionality from first principles
* Physical security knowledge and experience is considered beneficial but not required

Security Management
* Sharing critical knowledge between Project Managers, Service Performance Managers, Developers and Engineers
* Ability to balance business impact, cost and risk against technical criticality
* Contribute to formulation of policies and best practices for security management
* Can consult on policy guidance, interpretation and enforcement mechanisms
* Knowledgeable of the full spectrum of application control techniques
* Can describe all key IT security functions, major roles, responsibilities and their inter-dependencies
* Has contributed to the creation of technology-related security best practices and processes
* Evaluates enterprise-wide impacts and makes recommendations for the company
* Can relate new technology potential for gaining a competitive advantage in business
* Understands security operations from a people, process and technology perspective
* Understands the role and importance of robust governance models
* Understands routine IT security monitoring and administration tools
* Understands performance measurements for IT security
* Understands major internal support functions and services
* Monitors marketplace trends and experiences on security, audit and control issues
